×

Server-supported malware detection and protection

  • US 10,305,923 B2
  • Filed: 06/30/2017
  • Issued: 05/28/2019
  • Est. Priority Date: 06/30/2017
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • receiving, at a first server, a first file attribute from a first computing device, the first file attribute associated with a first file, the first server comprising a first trained classification model and a first prediction cache;

    determining at the first server, based on the first file attribute, that a classification for the first file indicating whether the first file is benign or malicious is unavailable at the first prediction cache;

    subsequent to determining that the classification for the first file is unavailable at the first prediction cache, sending the first file attribute from the first server to a master server to determine whether the classification for the first file is available at a base prediction cache of the master server;

    subsequent to sending the first file attribute from the first server to the master server, receiving a notification at the first server from the master server that the classification for the first file is unavailable at the base prediction cache;

    in response to receiving the notification, determining the classification for the first file at the first server by performing, at the first server, an analysis of a second file attribute based on the first trained classification model, wherein the second file attribute is associated with the first file and is requested by the first server from the first computing device after receiving the notification, and wherein the second file attribute is distinct from the first file attribute and distinct from an entirety of the first file;

    sending the classification determined at the first server from the first server to the first computing device; and

    sending at least the classification determined at the first server from the first server to the master server for storage in the base prediction cache and for transmission from the master server to at least one second computing device via at least one second server responsive to receipt of the first file attribute from the at least one second computing device via the at least one second server.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×